4 Most Common Ways Departing Employees Steal Data

Most businesses carry a value that can be sold or manipulated in some way. If you store data from past transactions or collect personal information as leads, then these sources can be easily tapped into and extorted for financial gain.

Many people believe that hackers are the primary source of data breaches. However, according to IBM’s 2019 Cost of a Data Breach Study, just under 50% of all data breach cases are caused by an insider threat. 

One type of insider threat that you should be worried about occurs when employees are leaving your company. Departing employees can make mistakes that leave holes in your company’s firewall, but oftentimes they steal data deliberately, for financial gain and future career development.

To help you and your company be prepared for, and protect against, this type of threat, this article will identify the four most common ways departing employees steal data.

1. Online File Transfers

The internet is arguably the most common way that data from your company gets out. Employees have access to the internet through their company’s profiles and can use sophisticated software to hack your systems’ firewall and facilitate the transfer of large data files over the Internet. 

Once the valuable data has been obtained, employees can send files as email attachments, upload them with an HTTP POST request, upload them to a personal Dropbox, OneDrive or Google Drive account, or move them over File Transfer Protocol (FTP). Departing employees might do this at the end of their tenure because they have learned your network system and they won’t be sticking around to get caught.

Because employee monitoring software runs silently, employee movements through source code and firewall will be tracked before an employee even realizes that the system is running. Computer monitoring software will alert a company to behaviors that fall outside what is expected and acceptable for a user, and can work as an invaluable form of insider threat detection.
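The kind of alert described above can be sketched as follows. This is an added example, not code from the original article or from any monitoring product. It assumes a web proxy log exported as CSV and an HR list of last working days; the log layout, users, hosts, dates, review window and threshold are all constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import date, datetime, timedelta

# Constructed sample data: the log layout, users, hosts and dates are assumptions.
PROXY_LOG = """timestamp,user,proto,method,host,bytes_out
2020-01-14T10:02:11,asmith,https,POST,content.dropboxapi.com,120000
2020-02-24T18:41:09,asmith,https,POST,content.dropboxapi.com,734003200
2020-02-25T19:03:55,asmith,ftp,STOR,ftp.example.net,268435456
2020-02-25T09:15:00,asmith,https,GET,drive.google.com,0
2020-02-25T11:20:31,bjones,https,POST,intranet.example.com,5242880
2020-02-26T14:07:43,cwu,https,PUT,onedrive.live.com,2097152
"""
LAST_DAY = {"asmith": date(2020, 2, 28), "cwu": date(2020, 3, 6)}  # HR feed (constructed)
# Illustrative watchlist of personal-storage domains (an assumption, not exhaustive).
PERSONAL_STORAGE = ("dropbox.com", "dropboxapi.com", "drive.google.com", "onedrive.live.com")
UPLOAD_METHODS = {"POST", "PUT", "STOR"}   # HTTP uploads and FTP store
WINDOW = timedelta(days=14)                # review period before the last day
THRESHOLD = 100 * 1024 * 1024              # 100 MiB uploaded inside the window


def is_watched(proto, host):
    """True for FTP transfers and for hosts on the personal-storage list."""
    return proto == "ftp" or any(
        host == s or host.endswith("." + s) for s in PERSONAL_STORAGE
    )


def flag_departing_uploads(log_text, last_day=LAST_DAY):
    """Return {user: bytes} for departing users at or over THRESHOLD in their window."""
    totals = defaultdict(int)
    for row in csv.DictReader(io.StringIO(log_text)):
        leave = last_day.get(row["user"])
        if leave is None or row["method"] not in UPLOAD_METHODS:
            continue  # not a departing user, or not an upload
        day = datetime.fromisoformat(row["timestamp"]).date()
        if leave - WINDOW <= day <= leave and is_watched(row["proto"], row["host"]):
            totals[row["user"]] += int(row["bytes_out"])
    return {u: b for u, b in totals.items() if b >= THRESHOLD}


if __name__ == "__main__":
    for user, sent in flag_departing_uploads(PROXY_LOG).items():
        print(f"ALERT {user}: {sent / 2**20:.0f} MiB to personal storage/FTP before last day")
```

Matching on the domain suffix rather than a substring keeps look-alike hostnames from being counted, and the January upload is ignored because it falls outside the review window.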

Peer-to-peer (P2P) protocols also pose a threat, as employee networks can facilitate large and complex file transfers through a variety of technologies, channels and proxies. Communication systems like instant messengers (e.g., Skype, Slack, or Google Talk), as well as the ease and accessibility of smartphones, allow for quick P2P transfers.

With P2P protocols, it can become nearly impossible to track down where the stolen intel came from. Employees can come and go and you won’t have known that information was even stolen. 

2. Physical File Transfers

In 2008, the Pentagon experienced a significant data breach. It was dubbed a cyberattack on the United States because the U.S. military’s entire computer network was compromised. The attack started with an infected USB drive, which uploaded a malicious computer code onto the network. It was able to spread undetected on both classified and unclassified systems, opening up an avenue where data could be transferred to foreign servers.

This example goes to show that virtually any physical drive has the potential to hack into even the most sophisticated networks. The Pentagon has long been susceptible to physical file transfer data breaches, both accidental and deliberate. For example, an employee who was leaving the Pentagon downloaded all their personal files to a USB. Unbeknownst to them, they had actually taken hundreds of personnel files along with them.

The Pentagon has been able to mitigate some of these risks, but physical file transfers have a lot of power when stealing information. Since USBs and Micro-SD cards can easily be smuggled in and out of buildings, malicious code can easily open up ways for employees to undetectably access and download files onto a storage medium.

3. Radio Frequency Networks

Although less common, radio frequency networks can still be utilized as a nearly undetectable way to transfer data. Radio frequency networks include WiFi connections (as opposed to hard-lined internet connections), Bluetooth, direct phone connections and cellular networks. These types of networks are most frequently accessed through smartphones and make data theft easy, but theft detection nearly impossible.

If radio frequency is a viable insider threat for your company, then we recommend that your company restrict phone use to work-monitored phones only, and set data leak prevention software to monitor WiFi connections and other internal activity.

4. Simple or Complex Intel Theft

Intel theft is just another way that valuable company data can be stolen. Intel can refer to any type of business insider information, including things like plans, models or logistics, copyrighted software or code, or trademarked products. Since this type of data can be covered under creative commons law, your company can begin to mitigate this type of data theft by identifying what is intel and where it is kept. If it is simple intel, it could mean that your employees sign a non-disclosure agreement. If it is complex intel, then your security team may need to take extra measures to secure the data as well as compartmentalize who has access to what data.

One example of complex intel theft is that of Uber. Uber acquired a startup called Otto to help them develop self-driving cars. It turned out that Otto’s founder, Anthony Levandowski, had stolen 14,000 confidential technical documents, design files, blueprints and more when he had left his previous company, Waymo of Google. In 2017, Waymo sued Uber for trade secret theft and Uber is facing criminal charges of trade secret theft cover-up. Levandowski was charged with 33 counts of theft and attempted theft of trade secrets, a criminal indictment that violated the U.S. Computer Fraud and Abuse Act (CFAA).

Protect Your Value

No matter what it is that your company sells, employees can easily identify a way to steal it. In addition to setting up a complex security infrastructure and compartmentalizing company intel, employee monitoring software should be your company’s first line of defense in identifying, and mitigating, these insider threats.

March 2nd, 2020